Squidblacklist.org SquidGuard blacklist updater

Download

1.0.1 – updated 2014-05-10

I wasn’t able to find much discussion about people running pfSense and using the blacklists from Squidblacklist.org so I looked into it and saw that the pfSense version of SquidGuard is not like the others.  I use /usr/local/pkg/Squidguard as the folder to keep the two scripts and have a cron job call squidGuard_blacklist_download.sh every 24 hours.

SquidGuard must be configured to use /tmp/sblupdate/dg-all.tar.gz as the Blacklist URL

Edit squidGuard_blacklist_download.sh and put in your username and password into the fetch URL or the blacklist wont download

Tested with squidGuard-devel 1.5_1.1 beta and squidGuard 1.4_4 pkg v.1.9.6  platform: 1.1  running on pfSense 2.1.5

 



pfBlockerNG

Full topic

If you have used the older package called pfBlocker you’ll want to install this package on 2.2+ as it has a built in updater to keep the Geo IP database current.  Available from System \ Packages

2016-07-18 – pfBlockerNG 2.1 with TLD  has been released- https://github.com/pfsense/FreeBSD-ports/pull/156

Full thread about the update is https://forum.pfsense.org/index.php?topic=115357.0

IP address suppression and reputation system

Duplication removal

Alerts tab shows what has been blocked

If you are having issues removing pfBlocker a script is available that will clean up any remaining pfBlocker code.  This is very useful if you restored to a previous config that was made while pfBlocker was installed.

Another script to help build your blocklists has been created here this will populate your IPv4 alias\list config with many free publicly available block lists.

Other blocklists worth mentioning are

TEK411.com created a video on pfBlockerNG called PfSense 2.2.x Packages – PfBlockerNG – Next Generation

Note: pfBlocker is for pfSense 2.1.x and pfBlockerNG is for 2.2.x these are two different packages by different developers.

 

DShield \ Internet Storm Center pfSense client

Johannes B. Ullrich, Ph.D. from SANS ISC has put together  an experimental PHP script to submit logs from pfSense to DShield.

Download available here



Shallalist Downloader

Shalla’s Blacklist contains over 1.7 million enteries that can be used with SquidGuard or Dansguardian.  This script will download the Shallalist and extract it into /tmp/shallalist  to be used with pfBlockerNG’s DNSBL feature.  Throw it in a cron job that runs once a day and add local links to an alias in DNSBL .  Example /tmp/shallalist/adv/domains

Download Shallalist script